Limit Web Application Security to a group of IP

Hi,

I use Web Application Security as a Reverse Proxy. I need to limit only one external IP or a group of IPs to use this feature. I don't want any other IPs to be able to reach the destination server.

Is there a solution?

Thanks in advance


  • Well, there is a work-around, but it's a bit clumsy, at present. I haven't tried this, but it should work.

    Use two DNATs, in this order:

    - 1: {group of allowed IPs} -> Web Surfing -> External [Additional] (Address) : DNAT -> External [Additional] (Address)

    - 2: Internet -> Web Surfing -> External [Additional] (Address) : DNAT -> {non-existent IP}

    I don't think the first rule creates an infinite loop, but, as I said, I haven't tried it. The alternative that is messier still but I know will work is one rule like 2 above but with Internet replaced by {group of network definitions that include all IPs except the allowed IPs}.

    Please let us know if you tried either and if it worked.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
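
For the alternative in the reply above (one rule like 2 with Internet replaced by a group of network definitions covering every IP except the allowed ones), the group members can be computed rather than worked out by hand. This is an added example, not part of the original post: the allowed addresses are constructed documentation-range values, the function names are hypothetical, and it covers IPv4 only.

```python
import ipaddress


def complement_networks(allowed, universe="0.0.0.0/0"):
    """Return the CIDR blocks that cover `universe` minus every entry in `allowed`.

    Each returned block is a candidate network definition for the
    "all IPs except the allowed IPs" group used as the DNAT rule's source.
    """
    remaining = [ipaddress.ip_network(universe)]
    for entry in allowed:
        hole = ipaddress.ip_network(entry, strict=False)
        next_remaining = []
        for net in remaining:
            if not net.overlaps(hole):
                next_remaining.append(net)      # untouched by this allowed entry
            elif net.subnet_of(hole):
                continue                        # entirely allowed, drop it
            else:
                # The allowed entry is a proper subnet of this block: split around it.
                next_remaining.extend(net.address_exclude(hole))
        remaining = next_remaining
    return sorted(ipaddress.collapse_addresses(remaining))


def is_blocked(blocked_nets, ip):
    """True if `ip` falls in one of the computed blocks (i.e. matches the deny rule)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in blocked_nets)


# Constructed sample: one allowed host and one allowed /24 (documentation ranges).
SAMPLE_ALLOWED = ["203.0.113.10", "198.51.100.0/24"]

if __name__ == "__main__":
    blocked = complement_networks(SAMPLE_ALLOWED)
    print(f"{len(blocked)} network definitions needed:")
    for net in blocked:
        print(" ", net)
    for probe in ("203.0.113.10", "203.0.113.11", "198.51.100.77", "192.0.2.1"):
        print(probe, "-> blocked" if is_blocked(blocked, probe) else "-> allowed")
```

The number of definitions grows with each allowed entry (up to 32 blocks per excluded host), which is why the reply calls this approach messier than the two-rule ordering.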